package org.sump;

import java.util.Set;

import org.sump.data.HasGrants;
import org.sump.data.Permission;
import org.sump.data.Resource;
import org.sump.data.ResourceType;
import org.sump.data.Role;
import org.sump.data.Subject;

/**
 * User management provider is responsible for providing SUMP with access to different subsystems such as
 * databases, LDAP etc. 
 * @author Sergey Grigorchuk (sergey.grigorchuk@gmail.com)
 */
public interface UMProvider {
	
	/**
	 * Returns all roles within system. If the system does not contains roles it has to return empty set.
	 * @return all roles within system.
	 */
	Set<Role> getRoles();
	
	/**
	 * Returns all subjects (users) within system. If the system does not contains subjects it has to return empty set.
	 * @return all subjects (users) within system
	 */
	Set<Subject> getSubjects();
	
	/**
	 * Finds and returns subject (user) by name.
	 * @param userName user name
	 * @return subject (user) with given name
	 */
	Subject getSubjectByName(String userName);

	/**
	 * Returns set of all possible permissions
	 * @return set of all possible permissions
	 */
	Set<Permission> getPermissions();

	/**
	 * Returns all resources (files, tables etc.) within system. 
	 * @return all resources (files, tables etc.) within system.
	 */
	Set<Resource> getResources();

	/**
	 * Returns all resource types ("file", "table" etc.) within system. If the system does not contains resource types it has to return empty set. 
	 * @return all resources (files, tables etc.) within system.
	 */
	Set<ResourceType> getResourceTypes();

	/**
	 * Adds subject (user) to the system
	 * @param subject subject to be added
	 */
	void addSubject(Subject subject);

	/**
	 * Removes subject (user) from the system
	 * @param subject subject to be removed
	 */
	void removeSubject(Subject subject);
	
	/**
	 * Sets grant. After the action the certain subject will have permission for resource.
	 * @param subject granted subject (user) 
	 * @param resource resource (file, table...)
	 * @param permission permission (select, execute, remove...) 
	 */
	void grant(HasGrants subject, Resource resource, Permission permission);

	/**
	 * Removes grant. After the action the certain subject will not have permission for resource.
	 * @param subject subject (user) 
	 * @param resource resource (file, table...)
	 * @param permission permission (select, execute, remove...) 
	 */
	void removeGrant(HasGrants subject, Resource resource, Permission permission);
}
